can anyone identify if these services are necessary?

kushalkoolwal · 05-08-2006, 07:19 PM

I was just poking into the services/daemons that are running on my system by default. Here is output that I got after giving the command

ps aux -H

Code:

USER PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root 1  0.0  0.1  1584  516 ?        S    13:01   0:01 init [2]  
root 2  0.0  0.0     0    0 ?        SN   13:01   0:00 [ksoftirqd/0]
root 3  0.0  0.0     0    0 ?        S    13:01   0:00   [watchdog/0]
root 4  0.0  0.0     0    0 ?        S<   13:01   0:00   [events/0]
root 5  0.0  0.0     0    0 ?        S<   13:01   0:00   [khelper]
root 6  0.0  0.0     0    0 ?        S<   13:01   0:00   [kthread]
root 8  0.0  0.0     0    0 ?     S<   13:01   0:00       [kblockd/0]
root 51  0.0  0.0     0    0 ?        S    13:01   0:00    [pdflush]
root 52  0.0  0.0     0    0 ?        S    13:01   0:00    [pdflush]
root 54  0.0  0.0     0    0 ?        S<   13:01   0:00    [aio/0]
root 640  0.0  0.0    0    0 ?      S<   13:01   0:00      [kseriod]
root 1973  0.0  0.0     0    0 ?    S<   13:01   0:00     [kpsmoused]
root 2669  0.0  0.0     0    0 ?        S<   13:02   0:00   [khubd]
root 53  0.0  0.0     0    0 ?        S    13:01   0:00   [kswapd0]
root 796  0.0  0.0     0    0 ? S    13:01   0:00   [kjournald]
root 827  0.0  0.0  1572  428 ? S<s  13:01   0:00   udevd
root 2999  0.0  0.0  1748  384 ?        Ss   13:03   0:00   dhclient -e -pf /var/run/dhclient.eth0.pid -lf /var/run/dhclient.eth0.leases eth0
daemon 3004  0.0  0.0  1684  316 ? Ss   13:03   0:00   /sbin/portmap
root   3406  0.0  0.1  1632  584 ? Ss   13:03   0:00   /sbin/syslogd
root   3462  0.0  0.2  2268 1124 ? Ss   13:03   0:00   /sbin/klogd
message 3492  0.0  0.1  2168  748 ? Ss   13:03   0:00  /usr/bin/dbus-daemon-1 --system
hal       3497  0.3  0.8  6212 4340 ?        Ss   13:03   0:07   /usr/sbin/hald --drop-privileges
root      3503  0.0  0.0  1576  340 ?        Ss   13:03   0:00   /usr/sbin/inetd
root      3637  0.0  0.1  3476  884 ?        Ss   13:03   0:00   /usr/sbin/sshd
root      3683  0.0  0.3  3036 1716 tty1     Ss   13:03   0:01   -bash
root      3807  0.0  0.1  2560  812 tty1     R+   13:41   0:00     ps aux -H
root      3686  0.0  0.0  1584  492 tty2     Ss+  13:03   0:00   /sbin/getty 38400 tty2

Now can I anyone tell if the following processes are necessary for proper working of my debian system or can I kill them? Also it would really good if anytime can also mention in one-line as to what does the process signify/do?

Code:

ksoftirqd/0
khelper
kthread
aio/0
kseriod
kpsmoused
khubd
kswapd0
kjournald

Thank you in advance.

ataraxia · 05-08-2006, 07:28 PM

All the things in square brackets (including all the stuff in your second list) are parts of the kernel. You can't get rid of them.

As far as the others go, dbus-daemon-1 and hald are required by gnome. Portmap, inetd, and sshd you might be able to get rid of - it depends on what you need on your machine. You can always try to remove them and see what else would go away.

narc · 05-08-2006, 07:34 PM

Perhaps you should start poking around the services that are initiated at bootup. No service is booted whitout "your implicit consent" or rather whitout passing thru /etc/rc.d/rc? (depending on the runlevel you enter) ... unless of course, as ataraxia mentionned, it's part of the kernel. So any script located in these directories is a program that will launched at bootup.

kushalkoolwal · 05-08-2006, 07:44 PM

Quote:

Originally Posted by ataraxia

All the things in square brackets (including all the stuff in your second list) are parts of the kernel. You can't get rid of them.

As far as the others go, dbus-daemon-1 and hald are required by gnome. Portmap, inetd, and sshd you might be able to get rid of - it depends on what you need on your machine. You can always try to remove them and see what else would go away.

Thanks ataraxia. I was looking for an answer very similar to what you said. Yes I do need inetd,sshd,dhclient service.

So the only service that remains in question is portmap. Should I disable the portmap? I know it is used for RPC but I don;t think so I am using any RPC service???Or perhaps may be. Does the normal operation of the system gets disruppted if I remove portmap?

Thanks

ataraxia · 05-08-2006, 10:08 PM

I always disable portmap on my systems.

farslayer · 05-08-2006, 10:39 PM

For more info on necessary services and securing the system you could look at the Securing Debian manual.. theres a whole section on portmap as well as other services etc.. http://www.debian.org/doc/manuals/se...3.en.html#s3.6

Quote:

The most common RPC-based services are NFS (Network File System) and NIS (Network Information System). See the previous section for more information about NIS. The File Alteration Monitor (FAM) provided by the package fam is also an RPC service, and thus depends on portmap

nx5000 · 05-09-2006, 03:23 AM

I also disable portmap because ten years ago, one of my machines got hacked by it (trin00 worm), since then it has had a lot of security problems.

Now it seems more stable.

You can disable portmap , which will disable famd. To my mind, famd can be a security risk also and on my laptop it was sometimes eating a lot of cpu (during network transfers)

If you really need famd, then you can add this to /etc/init.d/portmap
OPTIONS="-i 127.0.0.1"

Which will make portmap only listen to local interface, far more secure.